Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10426	2023-07-10 10:19	doward.exe b8984fa531de29bff678fa99589dd2c0 UPX Malicious Library OS Processor Check PE64 PE File VirusTotal Malware Checks debugger					1.2		31	ZeroCERT

10427	2023-07-10 10:15	File_pass1234.7z 81e40f9ce52d3c67dd93866f979f9a2c Escalate priviledges PWS KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger Creates executable files unpack itself					2.0	M		ZeroCERT

10428	2023-07-10 08:12	echo-D3FG-2.DE.exe d61c17656e28348150c5d17dcc0106cd Gen1 UPX Malicious Library Anti_VM OS Processor Check PE64 PE File DLL ZIP Format VirusTotal Malware Check memory Creates executable files					1.8		37	ZeroCERT

10429	2023-07-10 08:09	Logic.exe c3e9908d1e901feba57d1787d20890bb UPX Http API PWS HTTP ScreenShot Internet API AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself DNS		1			10.2	M	44	ZeroCERT

10430	2023-07-10 08:08	compan.exe 3fae3aac2be5c0120c6a5427356c8c72 Gen1 Emotet Generic Malware UPX Malicious Library Anti_VM AntiDebug AntiVM OS Processor Check PE64 PE File .NET EXE PE32 CAB Browser Info Stealer Malware download FTP Client Info Stealer Dridex VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare Check virtual network interfaces suspicious process AppData folder VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Cryptographic key Software crashed	10 Keyword trend analysis Info http://carambasti.info/wp-content/uploads/2019/10 http://carambasti.info/function/v2tmp/useruploadetfilesun.php http://carambasti.info/wp-content/uploads/2020/02 http://carambasti.info/stat_os.php http://carambasti.info/function/v2tmp/usmalber.php http://carambasti.info/v2/doward.exe http://carambasti.info/stats.php?company_id=1&lua=user http://carambasti.info/function/v2tmp/reporozofnc.php http://carambasti.info/wp-content/uploads/2021/10 https://api.ip.sb/ip	11 Info carambasti.info(193.42.110.193) files.catbox.moe(108.181.20.35) - malware n57b30a.info(94.140.112.52) api.ip.sb(172.67.75.172) iplogger.com(148.251.234.93) - mailcious b47n300.info(94.140.112.52) 148.251.234.93 - mailcious 172.67.75.172 - mailcious 94.140.112.52 - mailcious 108.181.20.35 193.42.110.193 - mailcious	7 Info ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET USER_AGENTS Suspicious User-Agent (Installed OK) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO EXE - Served Attached HTTP ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) ET MALWARE Potential Dridex.Maldoc Minimal Executable Request		19.2	M	43	ZeroCERT

10431	2023-07-10 08:06	europowerzx.doc 325fb5e2010dee354704202ba9c6cf7b MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	3	7 Info ET INFO TLS Handshake Failure ET INFO Executable Download from dotted-quad Host SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.0	M	34	ZeroCERT

10432	2023-07-10 08:06	echo-4662-2DF5.exe 25fca21c810a8ffabf4fdf3b1755c73c Themida Packer Generic Malware UPX Malicious Library Malicious Packer Anti_VM OS Processor Check PE64 PE File unpack itself Windows crashed					2.4			ZeroCERT

10433	2023-07-10 08:03	photo270.exe e2d38861d75a1dc3c502f418e56222b4 Gen1 Emotet SmokeLoader UPX Malicious Library Malicious Packer OS Processor Check PE File PE32 CAB AutoRuns suspicious privilege Check memory Checks debugger Creates executable files unpack itself Disables Windows Security AppData folder AntiVM_Disk VM Disk Size Check Windows Update DNS Cryptographic key		1			7.6	M		ZeroCERT

10434	2023-07-10 08:02	s.exe dbf483bb273e267839e60bc5e78dd4e6 UPX Malicious Library OS Processor Check PE File PE32 unpack itself Remote Code Execution					1.0	M		ZeroCERT

10435	2023-07-10 07:56	okka25.exe 484ba824bee1da806d39dd7c902b5110 UPX Malicious Library Malicious Packer PE64 PE File Browser Info Stealer Malware download VirusTotal Malware PDB Malicious Traffic unpack itself Check virtual network interfaces Fabookie Browser Remote Code Execution	3 Keyword trend analysis	4	1	3	3.4	M	14	ZeroCERT

10436	2023-07-10 07:53	newpy.exe b28167faf2bcf0150d5e816346abb42d Gen1 UPX Malicious Library Anti_VM OS Processor Check PE64 PE File DLL ZIP Format VirusTotal Malware Check memory Creates executable files DNS		1			2.2	M	26	ZeroCERT

10437	2023-07-10 07:52	123.exe 791545e6e3c5eb61dd12ccfbae1b9982 Gen1 Generic Malware UPX Malicious Library Malicious Packer OS Processor Check PE64 PE File PDB Remote Code Execution					0.6	M		ZeroCERT

10438	2023-07-10 07:50	RiotGames.exe 5379d703170770355efdbce86dcdb1d3 Client SW User Data Stealer Backdoor RemcosRAT Browser Login Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader UPX Malicious Library Malicious Packer Create Service Socket Escalate priviledges PWS Sniff Audio DNS ScreenS Remcos VirusTotal Malware AutoRuns Code Injection Malicious Traffic Check memory buffers extracted Windows utilities Disables Windows Security suspicious process WriteConsoleW Windows DNS keylogger	1 Keyword trend analysis	3	1		10.8		58	ZeroCERT

10439	2023-07-10 07:48	herozx.exe 016bbb3f7e72cb4d011c3bed3b0470e8 Generic Malware Antivirus PWS SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger		2	2		13.6		47	ZeroCERT

10440	2023-07-10 07:47	kudizx.exe 311d4bae516d3cdec05f0dc98166fdff .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger unpack itself					5.6		49	ZeroCERT